Search results

Privacy Shield being invalidated

Since the European Court of Justice “invalidated” the Privacy Shield, data cannot be transferred on the ground of the previous adequacy decision made by the EU Commission. This means that now data transfers must have another legal ground like the Standard Contractual Clauses (SCC) or the Binding Corporate Rules (BCR).

The European Data Protection Board (EDPB) issued a FAQ on the implication on GDPR compliance of the ECJ solution and stated that the data controller must take additional measure to ensure the same level of protection of personal data assured by GDPR: https://edpb.europa.eu/news/news/2020/european-data-protection-board-publishes-faq-document-cjeu-judgment-c-31118-schrems_en

The main issue is that the US data controllers are forced to comply with US law which prevails over Standard Contractual Clause. The EDPB concluded stating that the data controller should consider storing or processing data elsewhere than the US.

You can process personal data outside of the U.S. if you use cloud providers which have servers in the European Union - all the major providers like Amazon AWS, Google Cloud, Microsoft Azure, and others have that option. 

You can find more information about data transfer here:3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/

You can consider enrolling in our free EU GDPR Foundations CourseEU GDPR Foundations Course https://advisera.com/training/eu-gdpr-foundations-course//

Internal audit

According to the ISO 13485:2016, requirement 8.2.4 Internal audit states that the organization must conduct internal audits at planned intervals. The purpose of an internal audit is to determine whether your quality management system conforms to both all documented arrangments, requirements of the ISO 13485:2016, and all other applicable regulatory requirements. So, yes, you need to perform another internal audit to assess the compliance with MDR. 

For more information on how the internal audit should be performed, please see following articles: 

• Five main steps in the ISO 13485:2016 internal audit - https://advisera.com/13485academy/knowledgebase/five-main-steps-in-the-iso-134852016-internal-audit/
• How to create a checklist for an ISO 13485 internal audit for your QMS - https://advisera.com/13485academy/knowledgebase/how-to-create-a-checklist-for-an-iso-13485-internal-audit-for-your-qms/
• Checklist of ISO 13485 implementation and certification steps - https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/

You can even see which documents our ISO 13485:2016 Internal audit documentation toolkit have:

• ISO 13485:2016 Internal Audit Toolkit https://advisera.com/13485academy/iso-13485-internal-audit-toolkit/

• ISO 9001 NC Management

  When one speaks about non-conformities one can be speaking about audit non-conformities or product/service non-conformities.

  

  Let us consider the product/service non-conformity situation.

  When a non-conformity is determined the first priority is to prevent the unintended delivery or use. ISO 9001:2015 provides several alternatives to treat the non-conforming product/service:

  • correcting the non-conformity by repair or rework
  • segregation, containment, return or suspension
  • recall
  • obtaining authorization under concession to use/deliver as is

  After correction quality should be controlled again.

  Record non-conformities occurrence and reasons. Record what was done and the authority that made the decision about what to do.

  The following material will provide you information about nonconformities:

  • ISO 9001 – Understanding dispositions for ISO 9001 nonconforming product - https://advisera.com/9001academy/blog/2014/11/18/understanding-dispositions-iso-9001-nonconforming-product/
  • ISO 9001 – Difference between correction and corrective action - https://advisera.com/9001academy/blog/2016/02/09/iso-9001-difference-between-correction-and-corrective-action/ ion/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• Clause for SOP implementation

  If your organization concluded that cleaning and hygiene is relevant for ensuring product or service quality the most relevant clause for that matter is 7.1.4 - Environment for the operation of processes.

  You can find more information below:

  • Clause by clause explanation of ISO 9001:2015: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• ISO 9001 implementation time

  Smaller organizations (up to 50 employees) usually implement the standard in up to 8 months. When using our Documentation Toolkit, normally: companies of up to 10 employees - usually implement the standard in up to 3 months and companies of up to 50 employees - usually implement the standard in up to 6 months.

  You can find detailed information about how to plan and implement a quality management system in the following links:

  • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
  • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
  • Free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 9001 - https://advisera.com/9001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-9001-free-webinar-on-demand/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• IATF 16494 queries

  If the products designed by Site "C" are not produced on Site "A" or Site "B"; Products of Site "C" are not included in the IATF scope of Site "A" or Site "B".

  Since site "C" designs for another manufacturer (for other legal entities), "Site C" becomes a remote location within the scope of the other manufacturer.    

  For more information please see the following article

  • How to define scope of the QMS according to IATF 16949:2016 https://advisera.com/16949academy/blog/2017/06/28/how-to-define-scope-of-the-qms-according-to-iatf-16949/

     

  • Using ISO 9001 templates for ISO 27001

    ISO 27001 and ISO 9001 share many requirements and these documents can be used after slightly adjustments:

    • Procedure for Document and Record Control
    • Internal Audit Procedure
    • Procedure for Corrective Action

    These articles will provide you a further explanation about ISO 9001 and ISO 27001:

    • Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
    • How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/

    This material can also help you:

    • ISO 9001 vs. ISO 27001 matrix https://info.advisera.com/9001academy/free-download/iso-9001-2015-vs-iso-27001-2013-matrix

  • IRM roadmap and Playbook

    I'm assuming that by IRM you mean Integrated Risk Management.

    Considering that, as a baseline for you to start I suggest the following material:

    • What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    • Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
    • ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

    These materials will also help you regarding ISO 27001:

    • Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    • ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • ISO 9001 and Risk Based Thinking

    ISO 9001:2015 recommends the risk-based thinking applied to three situations:

    • Context;
    • Products and services;
    • Processes 

    In this free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ I show how to relate processes and risks.

    In this free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/ I show how to relate context and risks.

    The following material will provide you more information about risks and opportunities:

    • Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
    • How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    • Please check this free webinar on demand - Free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
    • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ where I use the risk-based thinking in several examples.